You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@nifi.apache.org by jo...@apache.org on 2018/04/03 14:49:27 UTC

nifi git commit: NIFI-4788 This closes #2427. Exposing nifi.web.proxy.host configuration for Docker containers.

Repository: nifi
Updated Branches:
  refs/heads/master 364985fb4 -> 7c0ee014d


NIFI-4788 This closes #2427. Exposing nifi.web.proxy.host configuration for Docker containers.

Signed-off-by: joewitt <jo...@apache.org>


Project: http://git-wip-us.apache.org/repos/asf/nifi/repo
Commit: http://git-wip-us.apache.org/repos/asf/nifi/commit/7c0ee014
Tree: http://git-wip-us.apache.org/repos/asf/nifi/tree/7c0ee014
Diff: http://git-wip-us.apache.org/repos/asf/nifi/diff/7c0ee014

Branch: refs/heads/master
Commit: 7c0ee014d339588547a2bab18a68f7d1dfdd28af
Parents: 364985f
Author: Aldrin Piri <al...@apache.org>
Authored: Tue Jan 23 10:43:45 2018 -0500
Committer: joewitt <jo...@apache.org>
Committed: Tue Apr 3 07:49:06 2018 -0700

----------------------------------------------------------------------
 nifi-docker/dockerhub/README.md    | 3 +++
 nifi-docker/dockerhub/sh/secure.sh | 7 +++++++
 nifi-docker/dockerhub/sh/start.sh  | 5 +++++
 3 files changed, 15 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/nifi/blob/7c0ee014/nifi-docker/dockerhub/README.md
----------------------------------------------------------------------
diff --git a/nifi-docker/dockerhub/README.md b/nifi-docker/dockerhub/README.md
index 4d9a559..31e808e 100644
--- a/nifi-docker/dockerhub/README.md
+++ b/nifi-docker/dockerhub/README.md
@@ -134,3 +134,6 @@ can be published to the host.
 | HTTPS Port               | nifi.web.https.port           | 8443  |
 | Remote Input Socket Port | nifi.remote.input.socket.port | 10000 |
 
+=======
+**NOTE**: If mapping the HTTPS port specifying trusted hosts should be provided for the property _nifi.web.proxy.host_.  This property can be specified to running instances
+via specifying an environment variable at container instantiation of _NIFI\_WEB\_PROXY\_HOST_.

http://git-wip-us.apache.org/repos/asf/nifi/blob/7c0ee014/nifi-docker/dockerhub/sh/secure.sh
----------------------------------------------------------------------
diff --git a/nifi-docker/dockerhub/sh/secure.sh b/nifi-docker/dockerhub/sh/secure.sh
index 919e118..5ff56e4 100644
--- a/nifi-docker/dockerhub/sh/secure.sh
+++ b/nifi-docker/dockerhub/sh/secure.sh
@@ -52,6 +52,13 @@ prop_replace 'nifi.web.https.port'  "${NIFI_WEB_HTTPS_PORT:-8443}"
 prop_replace 'nifi.web.https.host'  "${NIFI_WEB_HTTPS_HOST:-$HOSTNAME}"
 prop_replace 'nifi.remote.input.secure' 'true'
 
+# Check if the user has specified a nifi.web.proxy.host setting and handle appropriately
+if [ -z "${NIFI_WEB_PROXY_HOST}" ]; then
+    echo 'NIFI_WEB_PROXY_HOST was not set but NiFi is configured to run in a secure mode.  The NiFi UI may be inaccessible if using port mapping.'
+else
+    prop_replace 'nifi.web.proxy.host' "${NIFI_WEB_PROXY_HOST}"
+fi
+
 # Establish initial user and an associated admin identity
 sed -i -e 's|<property name="Initial User Identity 1"></property>|<property name="Initial User Identity 1">'"${INITIAL_ADMIN_IDENTITY}"'</property>|'  ${NIFI_HOME}/conf/authorizers.xml
 sed -i -e 's|<property name="Initial Admin Identity"></property>|<property name="Initial Admin Identity">'"${INITIAL_ADMIN_IDENTITY}"'</property>|'  ${NIFI_HOME}/conf/authorizers.xml

http://git-wip-us.apache.org/repos/asf/nifi/blob/7c0ee014/nifi-docker/dockerhub/sh/start.sh
----------------------------------------------------------------------
diff --git a/nifi-docker/dockerhub/sh/start.sh b/nifi-docker/dockerhub/sh/start.sh
index 7e340a6..2775bc7 100755
--- a/nifi-docker/dockerhub/sh/start.sh
+++ b/nifi-docker/dockerhub/sh/start.sh
@@ -41,6 +41,11 @@ case ${AUTH} in
         . "${scripts_dir}/secure.sh"
         . "${scripts_dir}/update_login_providers.sh"
         ;;
+    *)
+        if [ ! -z "${NIFI_WEB_PROXY_HOST}" ]; then
+            echo 'NIFI_WEB_PROXY_HOST was set but NiFi is not configured to run in a secure mode.  Will not update nifi.web.proxy.host.'
+        fi
+        ;;
 esac
 
 # Continuously provide logs so that 'docker logs' can    produce them